<?php

//making new directory in images dir
function img_mkdir($redirect=true) {
	global $conf;

	//checking path
	if(eregi('\.\.', $_POST['path'])) {
		redirect('index.php?module=error&error=dir_error1');
		exit();
	}
	//checking field name
	elseif($_POST['name'] == '') {
		redirect('index.php?module=error&error=dir_error2');
		exit();
	}
	if(!eregi("^([[:alnum:]_-])+$", $_POST['name'])) {
		redirect('index.php?module=error&error=dir_error4');
		exit();
	}
	//checking if dir already exists
	elseif(file_exists($conf['images_dir'].$_POST['path'].$_POST['name'])) {
		redirect('index.php?module=error&error=dir_error3');
		exit();
	}
	//checking authorization
	elseif(!perms_check('images', 'mkdir')) {
		plugins('std/unauth/');
		redirect('index.php?module=error&error=auth_error');
		exit();
	}
	else {
		mkdir_safe_mode($conf['images_dir'].$_POST['path'].$_POST['name'], 0777);
		
		
		
		if($redirect) {
			redirect('index.php?module=admin&action=images&cmd=view_dir&dir='.$_POST['path'].$_POST['name'].'/');
			exit();
		}
	}
}
//

//removing directory
function img_rmdir() {
	SQLvalidate($_GET['dir'], 'varchar');

	$dir = $_GET['dir'];
	global $conf;
	if(eregi('\.\.', $dir) or !perms_check('images', 'rmdir')) {
		plugins('std/unauth/');
		redirect('index.php?module=error&error=auth_error');
		exit();
	}
	elseif($dir == '') {
		redirect('index.php?module=error&error=dir_error1');
		exit();
	}
	else {
		$db=new dbquery;
		$db->query("SELECT * FROM $conf[prefix]images WHERE path='$dir'") or $db->err(__FILE__, __LINE__);
		$num=$db->num_rows();

		while($i=$db->fetch_object()) {
			$ext=end($foo = explode('.', $i->name));
			@unlink_safe_mode($conf['images_min_dir'].md5($dir.$i->name).'.'.$ext);
			@unlink_safe_mode($conf['images_dir'].$dir.$i->name);
		}

		$db->query("DELETE FROM $conf[prefix]images WHERE path='$dir'") or $db->err(__FILE__, __LINE__);
		if(is_module_installed('gallery'))
			$db->query("UPDATE $conf[prefix]gallery SET images=images-$num WHERE path='$dir'") or $db->err(__FILE__, __LINE__);

		rmdir_safe_mode($conf['images_dir'].$dir);
		
		
		redirect('index.php?module=admin&action=images');
	}
}
//

//adding new image
function img_add() {
	global $conf, $lang;

	//checking fields
	SQLvalidate($_POST['name'], 'varchar');
	SQLvalidate($_POST['path'], 'varchar');
	SQLvalidate($_POST['source'], 'varchar');
	SQLvalidate($_POST['source_url'], 'varchar');

	//perms
	if(!perms_check('images', 'upload')) {
		plugins('std/unauth/');
		redirect('index.php?module=error&error=auth_error');
		exit();
	}

	//file name
	if(!$_POST['name']) {
		if($_POST['how_image'] == 'form')
			$_POST['name'] = $_FILES['image_form']['name'];
		elseif($_POST['how_image'] == 'link')
			$_POST['name'] = end($foo = explode('/', $_POST['image_link']));
	}
	$_POST['name'] = read_text_filename($_POST['name']);
	//

	//file extension
	if(strpos($_POST['name'], '.')===false) {
		if($_POST['how_image'] == 'form')
			$_POST['name'] .= '.'.end($foo = explode('.', $_FILES['image_form']['name']));
		elseif($_POST['how_image'] == 'link')
			$_POST['name'] .= '.'.end($foo = explode('.', $_POST['image_link']));				
	}
	
	$ext=end($foo = explode('.', $_POST['name']));
	
	if(!eregi("^(gif|jpg|jpeg|png)$", $ext)) {
		redirect('index.php?module=error&error=image_error4');
		exit();
	}
	//

	//GD library
	if(!function_exists('imagejpeg') or !function_exists('imagepng')) {
		redirect('index.php?module=error&error=image_error6');
		exit();
	}
	//
	
	if(($_POST['how_image'] == 'form' and (filesize($_FILES['image_form']['tmp_name']) == 0 or !is_uploaded_file($_FILES['image_form']['tmp_name']) or $_FILES['image_form']['tmp_name'] == ''))) {
		redirect($_SESSION['redirect_1']);
		exit();
	}
	if(eregi('\.\.', $_POST['path']) or $_POST['path'] == '/' or $_POST['path'] == '') {
		redirect('index.php?module=error&error=dir_error1');
		exit();
	}
	elseif(!eregi("^([[:alnum:]\._-])+$", $_POST['name'])) {
		redirect('index.php?module=error&error=image_error2');
		exit();
	}
	elseif(file_exists($conf['images_dir'].$_POST['path'].$_POST['name'])) {
		redirect('index.php?module=error&error=image_error3');
		exit();
	}

	//upload
	if($_POST['how_image'] == 'link')
		upload_image_from_url($_POST['image_link'], $conf['images_dir'].$_POST['path'].$_POST['name']);
	elseif($_POST['how_image'] == 'form')
		upload_image_form($_FILES['image_form'], $conf['images_dir'].$_POST['path'].$_POST['name']);

	//tworzenie miniatury
	list($width, $height, $new_width, $new_height)=make_image_minature($conf['images_min_dir'].md5($_POST['path'].$_POST['name']), $conf['images_dir'].$_POST['path'].$_POST['name'], $conf['preview_img_width'], $conf['preview_img_height']);

	//dodawanie znaku wodnego
	if($_POST['watermark'] != 0 && $_POST['watermark_pos'] >= 1 && $_POST['watermark_pos'] <= 4)
		watermark($conf['images_dir'].$_POST['path'].$_POST['name'], $_POST['watermark'], $_POST['watermark_pos']);

	//adding to database
	$date=date('Y-m-d H:i:s');

	$sqlV='';
	$sqlI='';
	$languages = get_lang_list();
	foreach($languages as $l) {
		SQLvalidate($_POST["desc_$l"], 'text');
		$_POST["desc_$l"]=post_text($_POST["desc_$l"]);
		
		$sqlI .= ', `desc_'.$l.'`';
		$sqlV .= ", '".$_POST["desc_$l"]."'";
		
		if(is_module_installed('comments')) {
			$sqlI .= ", `comments_".$l."`";
			$sqlV .=", 0";
		}
	}

	$db=new dbquery;
	$query = "INSERT INTO $conf[prefix]images (`id` , `name` , `path` , `date` , `source` , `source_url` , `author` , `x` , `y` , `minx` , `miny` , `votes` , `total` , `rating` , `views` ".$sqlI.") VALUES(NULL, '$_POST[name]', '$_POST[path]', '$date', '$_POST[source]', '$_POST[source_url]', '$_SESSION[id]', $width, $height, $new_width, $new_height, 0, 0, 0, 0 ".$sqlV.")";

	$db->query($query) or $db->err(__FILE__, __LINE__);
	//
	
	//run plugins
	plugins('images/img_add/');
	//
	
	
	redirect('index.php?module=admin&action=images&cmd=view_dir&dir='.$_POST['path']);
	exit();
}
//

//removing image
function img_rm() {
	global $conf;	

	//perms
	if(!perms_check('images', 'del')) {
		plugins('std/unauth/');
		redirect('index.php?module=error&error=auth_error');
		exit();
	}

	SQLvalidate($_GET['img'], 'varchar');
	SQLvalidate($_GET['dir'], 'varchar');

	$img = $_GET['img'];
	$dir = $_GET['dir'];

	$db=new dbquery;
	$db->query("SELECT * FROM $conf[prefix]images WHERE path = '$dir' AND name = '$img'") or $db->err(__FILE__, __LINE__);

	$tmp = $db->fetch_object();
	$img_id = $tmp->id;

	if(eregi('\.\.', $dir) || eregi('\.\.', $img)) {
		plugins('std/unauth/');
		redirect('index.php?module=error&error=dir_error1');
		exit();
	}
	elseif($img == '') {
		redirect('index.php?module=error&error=dir_error1');
		exit();
	}
	else {
		$ext=end($foo=explode(".", $img));
		@unlink($conf['images_dir'].$dir.$img);
		@unlink($conf['images_min_dir'].md5($dir.$img).'.'.$ext);
		
		//run plugins
		$_POST['path']=$dir;
		plugins('images/img_rm/');
		//
		
		$db->query("DELETE FROM $conf[prefix]images WHERE path = '$dir' AND name = '$img'") or $db->err(__FILE__, __LINE__);

		
		redirect($_SESSION['redirect_2']);
	}
}
//

//editing image
function img_edit() {
	global $conf, $lang;

	//checking fields
	SQLvalidate($_POST['name'], 'varchar');
	SQLvalidate($_POST['filename'], 'varchar');
	SQLvalidate($_POST['path'], 'varchar');
	SQLvalidate($_POST['p'], 'varchar');
	SQLvalidate($_POST['source'], 'varchar');
	SQLvalidate($_POST['source_url'], 'varchar');
	//

	//perms
	if(!perms_check('images', 'edit')) {
		plugins('std/unauth/');
		redirect('index.php?module=error&error=auth_error');
		exit();
	}
	//
	
	$db=new dbquery;
	
	//file name
	if(!$_POST['name']) {
		if($_POST['how_image'] == 'form')
			$_POST['name'] = basename($_FILES['image_form']['name']);
		elseif($_POST['how_image'] == 'link')
			$_POST['name'] = end($foo = explode('/', $_POST['image_link']));
	}
	$_POST['name'] = read_text_filename($_POST['name']);
	//

	//file extension
	if(strpos($_POST['name'], '.')===false) {
		if($_POST['how_image'] == 'form') {
			$_POST['name'] .= '.'.end($foo = explode('.', $_FILES['image_form']['name']));
			$fext=end($foo = explode('.', $_FILES['image_form']['name']));
		}
		elseif($_POST['how_image'] == 'link') {
			$_POST['name'] .= '.'.end($foo = explode('.', $_POST['image_link']));
			$fext=end($foo = explode('.', $_POST['image_link']));
		}
		else {
		    $_POST['name'] .= '.'.end($foo = explode('.', $_POST['filename']));
		    $fext=end($foo = explode('.', $_POST['filename']));
		}
	} else $fext=end($foo = explode('.', $_POST['filename']));
		
	$ext=end($foo = explode('.', $_POST['name']));
	
	if($fext != $ext) {
		redirect('index.php?module=error&error=image_error5');
		exit();
	}
	if(!eregi("^(gif|jpg|jpeg|png)$", $ext)) {
		redirect('index.php?module=error&error=image_error4');
		exit();
	}
	//

	if(($_POST['how_image'] == 'form' and filesize($_FILES['image_form']['tmp_name']) == 0)) {
		redirect($_SESSION['redirect_1']);
		exit();
	}
	elseif(eregi('\.\.', $_POST['path']) or $_POST['path'] == '/' or $_POST['path'] == '' or eregi('\.\.', $_POST['p'])) {
		redirect('index.php?module=error&error=dir_error1');
		exit();
	}
	elseif(!eregi("^([[:alnum:]\._-])+$", $_POST['name'])) {
		redirect('index.php?module=error&error=image_error2');
		exit();
	}
	elseif(file_exists($conf['images_dir'].$_POST['path'].$_POST['name']) && (($_POST['p'] != $_POST['path']) || ($_POST['name'] != $_POST['filename']))) {
		redirect('index.php?module=error&error=image_error3');
		exit();
	}
	
	if(($_POST['p'] != $_POST['path']) || ($_POST['filename'] != $_POST['name'])) {
		if($_POST['how_image'] == 'no_change') {
			rename($conf['images_dir'].$_POST['p'].$_POST['filename'], $conf['images_dir'].$_POST['path'].$_POST['name']);
			rename($conf['images_min_dir'].md5($_POST['p'].$_POST['filename']).'.'.$fext, $conf['images_min_dir'].md5($_POST['path'].$_POST['name']).'.'.$fext);
		}
		else {
			//usuniecie starego obrazka
			@unlink($conf['images_dir'].$_POST['p'].$_POST['filename']);
			//usuniecie miniatury
			@unlink($conf['images_min_dir'].md5($_POST['p'].$_POST['filename']).'.'.$fext);
		}

		//update pol galerii
		if($_POST['p'] != $_POST['path'] && is_module_installed('gallery')) {
			if(is_gallery($_POST['p']))
				$db->query("UPDATE $conf[prefix]gallery SET images=images-1 WHERE path='$_POST[p]'") or $db->err(__FILE__, __LINE__);
			if(is_gallery($_POST['path']))
				$db->query("UPDATE $conf[prefix]gallery SET images=images+1 WHERE path='$_POST[path]'") or $db->err(__FILE__, __LINE__);
		}
		
	}

	if($_POST['how_image'] != 'no_change') {
		if($_POST['how_image'] == 'link')
			upload_image_from_url($_POST['image_link'], $conf['images_dir'].$_POST['path'].$_POST['name']);
		elseif($_POST['how_image'] == 'form')
			upload_image_form($_FILES['image_form'], $conf['images_dir'].$_POST['path'].$_POST['name']);

		//tworzenie miniatury 
    list($width, $height, $new_width, $new_height)=make_image_minature($conf['images_min_dir'].md5($_POST['path'].$_POST['name']), $conf['images_dir'].$_POST['path'].$_POST['name'], $conf['preview_img_width'], $conf['preview_img_height']);
	}
	
	//dodawanie znaku wodnego
	if($_POST['watermark'] != 0 && $_POST['watermark_pos'] >= 1 && $_POST['watermark_pos'] <= 4)
		watermark($conf['images_dir'].$_POST['path'].$_POST['name'], $_POST['watermark'], $_POST['watermark_pos']);
	
	$zapytanie = "UPDATE $conf[prefix]images SET name = '$_POST[name]', path = '$_POST[path]', source = '$_POST[source]', source_url = '$_POST[source_url]'";
	if($_POST['how_image'] != 'no_change')
		$zapytanie .= ", y = '$height', x = '$width', minx = '$new_width', miny = '$new_height'";

	//multilang
	$languages = get_lang_list();
	foreach($languages as $l) {
		SQLvalidate($_POST["desc_$l"], 'text');
		$_POST["desc_$l"]=post_text($_POST["desc_$l"]);
		$zapytanie .= ", desc_$l = '".$_POST["desc_$l"]."'";
	}

	$zapytanie .= " WHERE path = '$_POST[p]' AND name = '$_POST[filename]'";
	
	$db->query($zapytanie) or $db->err(__FILE__, __LINE__);

	//run plugins
	plugins('images/img_edit/');
	//	
	
	
	redirect($_SESSION['redirect_2']);
	exit;
}
//

//sprawdza czy podany plik jest w bazie je�eli nie to dodaje
//funkcja wykorzystywana w panelu admina je�eli pliki zosta�y wgrane r�cznie, a nie przez formularz
function img_auto_add($path, $fname) {
	global $conf, $lang;

	SQLvalidate($path, 'varchar');
	SQLvalidate($fname, 'varchar');

	$db=new dbquery;
	$db->query("SELECT * FROM $conf[prefix]images WHERE path='$path' && name='$fname'") or $db->err(__FILE__, __LINE__);

	//sprawdzanie uprawnien
	if(perms_check('images', 'upload') && $db->num_rows()==0) {
		$date=date('Y-m-d H:i:s');
		
		$sqlV='';
		$sqlI='';
		$languages = get_lang_list();
		foreach($languages as $l) {
			$sqlI .= ', `desc_'.$l.'`';
			$sqlV .= ", ''";
			
			if(is_module_installed('comments')) {
				$sqlI .= ", `comments_".$l."`";
				$sqlV .=", 0";
			}
		}

		$ext=explode(".", $fname);
		
		//resize if exdends default setting
		make_image_minature($conf['images_dir'].$path.$fname, $conf['images_dir'].$path.$fname, $conf['max_img_width'], $conf['max_img_height'], $perms);
		
		//tworzenie miniatury
	    list($width, $height, $new_width, $new_height)=make_image_minature($conf['images_min_dir'].md5($path.$fname).'.'.$ext, $conf['images_dir'].$path.$fname, $conf['preview_img_width'], $conf['preview_img_height']);
		
		if(!$width or !$height) return false;
		
		//watermark
		if($conf['img_def_watermark'] && $conf['img_def_watermark_pos'])
			watermark($conf['images_dir'].$path.$fname, $conf['img_def_watermark'], $conf['img_def_watermark_pos']);
	
		//dodanie do bazy
		$db->query("INSERT INTO $conf[prefix]images (`id` , `name` , `path` , `date` , `source` , `source_url` , `author` , `x` , `y` , `minx` , `miny` , `votes` , `total` , `rating` , `views` ".$sqlI.") VALUES (NULL, '$fname', '$path', '$date', '', '', '$_SESSION[id]', $width, $height, $new_width, $new_height, 0, 0, 0, 0 ".$sqlV.")") or $db->err(__FILE__, __LINE__);
		
		//run plugins
		$_POST['path']=$path;
		plugins('images/img_add/');
		//		
		
		return $fname;
	}
}
//

//funckja usuwaj�ca z bazy te pliki kt�rych ju� nie ma w folderze
function img_auto_remove($path) {
	global $conf, $lang;

	//sprawdzanie uprawnie�
	if(perms_check('images', 'del')) {
		$db=new dbquery;
		$db2=new dbquery;

		$db->query("SELECT * FROM $conf[prefix]images WHERE path='$path'") or $db->err(__FILE__, __LINE__);

		while($d=$db->fetch_object()) {
			if(!file_exists($conf['images_dir'].$d->path.$d->name)) {
				$db2->query("DELETE FROM $conf[prefix]images WHERE id=$d->id") or $db->err(__FILE__, __LINE__);
				
				//run plugins
				$_POST['path']=$d->path;
				plugins('images/img_rm/');
				//	
				
				$fext=end($foo=explode(".", $d->name));
				@unlink($conf['images_min_dir'].md5($d->path.$d->name).'.'.$fext);
			}
		}
	}
	//
}
//

//adding new swf animation
function swf_add() {
	global $conf, $lang;

	//checking fields
	SQLvalidate($_POST['name'], 'varchar');
	SQLvalidate($_POST['path'], 'varchar');
	SQLvalidate($_POST['menu'], 'varchar', 10);
	SQLvalidate($_POST['scale'], 'varchar', 12);
	SQLvalidate($_POST['wmode'], 'varchar', 15);
	SQLvalidate($_POST['bgcolor'], 'varchar', 20);
	SQLvalidate($_POST['width'], 'int', 4);
	SQLvalidate($_POST['height'], 'int', 4);
	SQLvalidate($_POST['border'], 'int', 3);

	if(!perms_check('images', 'upload')) {
		plugins('std/unauth/');
		redirect('index.php?module=error&error=auth_error');
		exit();
	}
	
	//file name
	if(!$_POST['name']) {
		if($_POST['how_image'] == 'form')
			$_POST['name'] = basename($_FILES['image_form']['name']);
		elseif($_POST['how_image'] == 'link')
			$_POST['name'] = end($foo = explode('/', $_POST['image_link']));
	}
	$_POST['name'] = read_text_filename($_POST['name']);
	//

	//file extension
	if(strpos($_POST['name'], '.')===false) {
		if($_POST['how_image'] == 'form')
			$_POST['name'] .= '.'.end($foo = explode('.', $_FILES['image_form']['name']));
		elseif($_POST['how_image'] == 'link')
			$_POST['name'] .= '.'.end($foo = explode('.', $_POST['image_link']));				
	}
	
	$ext=end($foo = explode('.', $_POST['name']));
	
	if(!eregi("^(swf)$", $ext)) {
		redirect('index.php?module=error&error=image_error4');
		exit();
	}
	//	
	
	if(($_POST['width'] == '') || ($_POST['height'] == '') || ($_POST['border'] == '')) {
		redirect('index.php?module=error&error=flash_error1');
		exit();
	}
	if(($_POST['how_image'] == 'form' and filesize($_FILES['image_form']['tmp_name']) == 0)) {
		redirect($_SESSION['redirect_1']);
		exit();
	}
	if(!eregi("^[[:alnum:]\._-]+$", $_POST['name']) || !eregi("^[0-9]+$", $_POST['width']) || !eregi("^[0-9]+$", $_POST['height']) || !eregi("^[0-9]+$", $_POST['border'])) {
		redirect('index.php?module=error&error=flash_error2');
		exit();
	}
	elseif(eregi('\.\.', $_POST['path'])) {
		redirect('index.php?module=error&error=dir_error1');
		exit();
	}
	elseif(file_exists($conf['images_dir'].$_POST['path'].$_POST['name'])) {
		redirect('index.php?module=error&error=flash_error3');
		exit();
	}

	//upload
	if($_POST['how_image'] == 'link')
		upload_image_from_url($_POST['image_link'], $conf['images_dir'].$_POST['path'].$_POST['name']);
	elseif($_POST['how_image'] == 'form')
		upload_image_form($_FILES['image_form'], $conf['images_dir'].$_POST['path'].$_POST['name']);

	$date=date('Y-m-d H:i:s');
	$db = new dbquery;
	$db->query("INSERT INTO $conf[prefix]flash (`id` ,`name` ,`path` ,`date` ,`author` ,`menu` ,`scale` ,`wmode` ,`bgcolor` ,`width` ,`height` ,`border`) VALUES(NULL, '$_POST[name]', '$_POST[path]', '$date', $_SESSION[id], '$_POST[menu]', '$_POST[scale]', '$_POST[wmode]', '$_POST[bgcolor]', $_POST[width], $_POST[height], $_POST[border])") or $db->err(__FILE__, __LINE__);

	
	redirect('index.php?module=admin&action=images&cmd=view_dir&dir='.$_POST['path']);
	exit();
}
//

//editing swf
function swf_edit() {
	global $conf, $lang;

	//checking fields
	SQLvalidate($_POST['name'], 'varchar');
	SQLvalidate($_POST['path'], 'varchar');
	SQLvalidate($_POST['filename'], 'varchar');
	SQLvalidate($_POST['p'], 'varchar');
	SQLvalidate($_POST['menu'], 'varchar', 10);
	SQLvalidate($_POST['scale'], 'varchar', 12);
	SQLvalidate($_POST['wmode'], 'varchar', 15);
	SQLvalidate($_POST['bgcolor'], 'varchar', 20);
	SQLvalidate($_POST['width'], 'int', 4);
	SQLvalidate($_POST['height'], 'int', 4);
	SQLvalidate($_POST['border'], 'int', 3);

	if(!perms_check('images', 'edit')) {
		plugins('std/unauth/');
		redirect('index.php?module=error&error=auth_error');
		exit();
	}
	
	//file name
	if(!$_POST['name']) {
		if($_POST['how_image'] == 'form')
			$_POST['name'] = basename($_FILES['image_form']['name']);
		elseif($_POST['how_image'] == 'link')
			$_POST['name'] = end($foo = explode('/', $_POST['image_link']));
	}
	$_POST['name'] = read_text_filename($_POST['name']);
	//

	//file extension
	if(strpos($_POST['name'], '.')===false) {
		if($_POST['how_image'] == 'form')
			$_POST['name'] .= '.'.end($foo = explode('.', $_FILES['image_form']['name']));
		elseif($_POST['how_image'] == 'link')
			$_POST['name'] .= '.'.end($foo = explode('.', $_POST['image_link']));				
	}
	
	$ext=end($foo = explode('.', $_POST['name']));
	
	if(!eregi("^(swf)$", $ext)) {
		redirect('index.php?module=error&error=image_error4');
		exit();
	}
	//	
	
	if(($_POST['name'] == '') || ($_POST['width'] == '') || ($_POST['height'] == '') || ($_POST['border'] == '')) {
		redirect('index.php?module=error&error=flash_error1');
		exit();
	}
	if(($_POST['how_image'] == 'form' and filesize($_FILES['image_form']['tmp_name']) == 0)) {
		redirect($_SESSION['redirect_1']);
		exit();
	}
	if(!eregi("^[[:alnum:]\._-]+$", $_POST['name']) || !eregi("^[0-9]+$", $_POST['width']) || !eregi("^[0-9]+$", $_POST['height']) || !eregi("^[0-9]+$", $_POST['border'])) {
		redirect('index.php?module=error&error=flash_error2');
		exit();
	}
	elseif(eregi('\.\.', $_POST['path'])) {
		redirect('index.php?module=error&error=dir_error1');
		exit();
	}
	if(file_exists($conf['images_dir'].$_POST['path'].$_POST['name']) && (($_POST['p'] != $_POST['path']) || ($_POST['name'] != $_POST['filename']))) {
		redirect('index.php?module=error&error=flash_error3');
		exit();
	}

	if($_POST['how_image'] != 'no_change') {
		//upload
		if($_POST['how_image'] == 'link')
			upload_image_from_url($_POST['image_link'], $conf['images_dir'].$_POST['path'].$_POST['name']);
		elseif($_POST['how_image'] == 'form')
			upload_image_form($_FILES['image_form'], $conf['images_dir'].$_POST['path'].$_POST['name']);
	}
	
	if(($_POST['p'] != $_POST['path']) || ($_POST['filename'] != $_POST['name'])) {
		if($_POST['how_image'] == 'no_change')
			rename($conf['images_dir'].$_POST['p'].$_POST['filename'], $conf['images_dir'].$_POST['path'].$_POST['name']);
		else
			unlink($conf['images_dir'].$_POST['p'].$_POST['filename']);	
		
	}

	$db = new dbquery;
	$db->query("UPDATE $conf[prefix]flash SET name = '$_POST[name]', path = '$_POST[path]', menu = '$_POST[menu]', scale = '$_POST[scale]', wmode = '$_POST[wmode]', bgcolor = '$_POST[bgcolor]', width = $_POST[width], height = $_POST[height], border = $_POST[border] WHERE path = '$_POST[p]' AND name = '$_POST[filename]'") or $db->err(__FILE__, __LINE__);

	
	redirect('index.php?module=admin&action=images&cmd=view_dir&dir='.$_POST['path']);
	exit();
}
//

//removing swf
function swf_rm() {
	global $conf, $lang;
  	
  if(!perms_check('images', 'del')) {
		plugins('std/unauth/');
		redirect('index.php?module=error&error=auth_error');
		exit();
	}

	SQLvalidate($_GET['img'], 'varchar');
	SQLvalidate($_GET['dir'], 'varchar');

	$img = $_GET['img'];
	$dir = $_GET['dir'];

	if(eregi('\.\.', $img.$dir)) {
		plugins('std/unauth/');
		redirect('index.php?module=error&error=dir_error1');
		exit();
	}
	elseif($img == '') {
		redirect('index.php?module=error&error=dir_error1');
		exit();
	}
	else {
		@unlink($conf['images_dir'].$dir.$img);

		$db = new dbquery;
		$db->query("DELETE FROM $conf[prefix]flash WHERE path = '$dir' AND name = '$img'") or $db->err(__FILE__, __LINE__);

		
		redirect('index.php?module=admin&action=images&cmd=view_dir&dir='.$dir);
	}
}
//

//funckja dodajaca ocene do sumy ocen danego obrazka i inkrementujaca ilosc ocen
function rate_image() {
	global $lang, $conf;

	SQLvalidate($_GET['id']);
	SQLvalidate($_GET['vote']);

	if(is_numeric($_GET['id']) && $_GET['vote']>0 && $_GET['vote']<=5 && strlen($_GET['vote'])==1) {
		$db=new dbquery;
		$db->query("SELECT votes, total FROM $conf[prefix]images WHERE id=$_GET[id]") or $db->err(__FILE__, __LINE__);

		$d=$db->fetch_object();
		$rating=round((($d->total+$_GET['vote'])/($d->votes+1)), 2);

		$db->query("UPDATE $conf[prefix]images SET votes=votes+1, total=total+$_GET[vote], rating='$rating' WHERE id=$_GET[id]") or $db->err(__FILE__, __LINE__);
		$_SESSION['images_rated'][]=$_GET['id'];
	}
	redirect('index.php?module=images&function=show_image&id='.$_GET['id']);
}
//


//funckja wyswietlajaca obrazek z [img_min]
function img_full_size (){
	global $GLOBALS['theme_path'];
	echo(string_template(read_file('other/img_full_size.php'), array('url' => $_GET['url'])));
}
//
?>
